Published: Tue, May 16, 2017
Sci-tech | By Carrie Guzman

North Korean hackers may be behind global cyber attack

The WannaCry ransomware attack has been linked to the infamous Lazarus Group, which was behind the devastating hacks on Sony Pictures in 2014 and a Bangladeshi bank in 2016.

Just one person in an organization clicking on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response.

Even though there appeared to be a diminished number of attacks Monday, computer outages still affected segments of life across the globe, especially in Asia, where Friday's attacks occurred after business hours.

WannaCry demanded ransoms starting at $300, in line with many cyber extortion campaigns, which keep pricing low so more victims will pay. The majority of patients are being advised to turn up for their usual appointments, unless told otherwise. The attack was first reported Friday and has hobbled hundreds of thousands of computers by encrypting data on the machines. He registered a domain whose name was contained in the code of the virus. "While these connections exist, they so far only represent weak connections".

Kaspersky Lab said, "This level of sophistication is something that is not generally found in the cybercriminal world".

"However, this code appears to have been removed from later versions".

The Global Research and Analysis Team at Kaspersky Lab has posted screenshots of two programs side by side in a blog post discussing the possible link.

"We believe this might hold the key to solve some of the mysteries around this attack", the researchers say. "One thing is for sure - Neel Mehta's discovery is the most significant clue to date regarding the origins of [Wanna Cry]", the company's post reads.

Other experts quickly jumped on this as a sign - although an inconclusive one - that North Korea may have been behind the outbreak.

The latest observations are still a long way from determining whether North Korean hackers were behind the recent global cyberattack, but they demonstrate how researchers go about finding who is to blame.

According to the analyst, the code found in WannaCry matches code from Trojan viruses that Lazarus used earlier.

WannaCry has so far infected more than 300,000 machines in 150 countries.

According to Ryan Kalember, senior vice president of cybersecurity at Proofpoint, a second and a third wave of WannaCry ransomware attacks both failed over the weekend, one variant using a modified "kill switch" and another variant with no "kill switch" at all. Such "killswitches" are highly unusual for malware developed by financially motivated criminal groups.

The hackers responsible have not received much in return for their efforts. Those behind the malware attack used the flaw to get into Windows systems. "Killswitches in malware are rare, and I can only think of government malware with those built in".

While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defenses.

Another possibility is that the Lazarus Group may be working independently, without instructions from North Korea, the report added. In the case of Sony Pictures, hackers sought to prevent the release of The Interview, a film that mocked North Korean leader Kim Jong-Un.

The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April. Moreover, the malware doesn't even bother to automatically check whether or not victims have paid up. If an enemy nation is behind the attack, the motivation may be to sow disruption and anxiety or to embarrass the NSA, rather than to make financial gains.

The attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others.
